CVE-2024-7554

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.
Configurations

Configuration 1

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

29 Aug 2024, 15:42

Type | Values Removed | Values Added
CWE | | NVD-CWE-noinfo
First Time | | Gitlab; Gitlab gitlab
CPE | | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
CVSS | v2 : unknown, v3 : 4.9 | v2 : unknown, v3 : 6.5
References | https://gitlab.com/gitlab-org/gitlab/-/issues/471555 | https://gitlab.com/gitlab-org/gitlab/-/issues/471555 - Broken Link

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) An issue was discovered in GitLab CE/EE affecting all versions from 13.9 before 17.0.6, all versions from 17.1 before 17.1.4, all versions from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.

08 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 11:15

Updated : 2024-08-29 15:42


NVD link : CVE-2024-7554

Mitre link : CVE-2024-7554

CVE.ORG link : CVE-2024-7554



Products Affected

gitlab

  • gitlab
CWE
NVD-CWE-noinfo
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor